Within Integrated Cyber Defence Exchange (ICDx), some events collected via the DataCenter Security (DCS) Collector sometimes contain a device_name field. Other events from DCS do not appear to have this field.
The DCS Collector included with ICDx 1.3 and earlier maps the operation field into a device_name field. Where the original event in DCS database has a null entry for the hostname, DCS Collector does not add a device_name field on the event within the ICDx archive for that DCS Collector.
Please update to ICDx 1.3.1, where the DCS Collector maps the agent name to the device_name field when the hostname is null on that event when received from the DCS database.
Subscribing will provide email updates when this Article is updated. Login is required.